Pinned toot

Interesting investigation here: reverse engineering dropped raspberry pi zeros hidden behind trash cans in a college library

Weird Gmail bug: "You can force an email to enter someone’s Gmail Inbox, Sent folder, and in:sent filter by adding their own email to the From field’s name area (the part in quotes)"

Tiny brain: use an antivirus
Normal brain: use latest Windows with hardened rules and good infosec hygiene
Universe brain: cc @taviso @Sh1ttyKids 😂

(FR) Câbles sous-marins : la guerre invisible - Le Dessous des cartes

This is probably very useful for SOC/CERT monitoring Windows command line executions

, I sure hope this doesn't mean Enterprise Privacy 😂😭

"enterprise-grade encryption"

ie. plaintext

tl;dr: eTLS makes it possible for your {company|ISP|proxy} to decipher your communications, ETSI paper (PDF)

"eTLS, defined in TS 103 523-3, specifies an implementation variant of TLS 1.3. This variant is needed because TLS 1.3 removes support for certain key exchange methods, which prevents passive decryption of TLS 1.3 sessions at any scale"

Phishing Catcher is now using the latest certstream version (1.10), thanks Gijutsu for the PR

Some major French websites haven't fixed their basic XSS 🙄 (publicly available on @openbugbounty h/t @sS55752750) cc @lequipe @le_figaro @allocine @free @ANSSI_FR

The book was really ahead of its time: cyber espionage, sabotage, Nobody-But-Us (NOBUS) strategy, economic warfare and romance in the cold war era. Everything is in there, get your hands on it if you can (original in French)

It actually adds a VPN profile (for iOS) but will only redirect DNS (it seems) to their servers.
Too bad they're not releasing the source code for this app, adding a VPN profile seems quite sketchy (but maybe the only technical solution on iOS for this)

Also, funny to see the document "for Trust and Security in Cyberspace" is leaking metadata!
We're quite not there yet, apparently

Show more

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!